Financial transactions are often made using secure electronic devices such as Automatic Teller Machines (ATMs) and Point Of Sale (POS) terminals and devices. One type of POS device is a fuel dispenser such as a gasoline pump. In one type of transaction, a user swipes a magnetic credit card or debit card through a magnetic card reader of a gasoline pump. The user then uses a keypad on the gasoline pump to enter some form of identity verification information such as a ZIP code or a Personal Identification Number (PIN). After the user has dispensed an amount of fuel, the pump communicates, directly or indirectly, with a financial institution to charge the user for the purchase. Encryption/decryption keys stored in the gasoline pump are used in this communication to make the communication with the financial institution a secure communication. The encryption/decryption keys are very sensitive information because if a thief were to possess the keys, then the thief might be able to interact with the financial institution such that the thief could extract money from the user's account or make unauthorized purchases and charge them to the user's account. Makers of POS terminals and devices, such as gasoline pumps, therefore go to considerable effort to provide anti-tamper circuitry that prevents thieves from gaining access to the keys and other sensitive financial information stored in the POS device.
Thieves unfortunately continue to foil the anti-tamper circuitry and to steal keys, account numbers, and security verification information from POS devices such as gasoline pumps. In one type of attack, the thief steals the electronics portion of the POS device in which the sensitive information is stored. The thief then reduces the temperature of the electronics portion to an extremely low temperature. The electronics may, for example, be placed in a liquid nitrogen bath. At some low temperature, the anti-tamper circuitry in the electronics portion stops operating. The sensitive financial information, however, remains stored in memory in the electronics portion. The thief may then be able to use sophisticated equipment (for example, X-ray imaging equipment) to read the information out of the memory.
To prevent this type of security attack, POS devices often include temperature sensors and associated anti-tamper circuitry. If the anti-tamper circuitry detects that the temperature of the POS device has reached a predetermined low temperature, then the anti-tamper circuitry causes the sensitive information (for example, the encryption keys, account numbers, and personal identification numbers) to be erased from memory before the anti-tamper circuitry gets so cold that it stops working. The erasing, however, requires an amount of energy. The anti-tamper circuitry and the memory are therefore sometimes provided with auxiliary power in the form of a small battery. The security erasure can be performed using energy from an external power supply, or if no such power is available, from the small battery.
To prevent the thief from disabling the security erasure by removing all power from the electronics, including the battery power, the anti-tamper circuit monitors the voltage of the small battery. If the battery is removed, then no voltage is detected, a tamper condition is detected, and the memory is erased. Energy for the security erasure, shortly after the battery has been detected to have been removed, is provided by a capacitor that is integrated onto the same integrated circuit as the memory and the anti-tamper circuit. Disconnecting the external power supply and removing the small battery therefore does not prevent the security erasure because enough energy to perform the security erasure is stored in the capacitor.
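A small model of the tamper-response decision described above, added here as an illustration and not taken from any device's firmware; the thresholds, energy figures and all names are assumptions. It shows the two triggers, the order in which power sources are tried, and the case the on-chip capacitor exists to prevent, where nothing is left to power the erasure.

```c
#include <stddef.h>
#include <stdint.h>

/* Thresholds and names are assumptions for illustration, not values from the page. */
#define TEMP_ERASE_C    (-20)  /* assumed "predetermined low temperature" */
#define VBAT_PRESENT_MV 2000   /* assumed: below this the battery counts as removed */
#define ERASE_COST_UJ   50     /* assumed energy one full erasure needs */

typedef enum { SRC_NONE, SRC_EXTERNAL, SRC_BATTERY, SRC_CAPACITOR } power_src;
typedef enum { TAMPER_NONE, TAMPER_LOW_TEMP, TAMPER_BATTERY_REMOVED } tamper_cause;
typedef struct { int temp_c, ext_present, vbat_mv, cap_uj; } sensors;

/* volatile stops the compiler from dropping the wipe as a dead store */
static void zeroize(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

tamper_cause classify(const sensors *s) {
    if (s->vbat_mv < VBAT_PRESENT_MV) return TAMPER_BATTERY_REMOVED;
    if (s->temp_c <= TEMP_ERASE_C)    return TAMPER_LOW_TEMP;
    return TAMPER_NONE;
}

/* Source order from the text: external supply, then battery, then on-chip capacitor. */
power_src pick_source(const sensors *s) {
    if (s->ext_present)                return SRC_EXTERNAL;
    if (s->vbat_mv >= VBAT_PRESENT_MV) return SRC_BATTERY;
    if (s->cap_uj >= ERASE_COST_UJ)    return SRC_CAPACITOR;
    return SRC_NONE;  /* nothing can power the wipe: the design failure to avoid */
}

/* Returns the source used for the erasure, or SRC_NONE if keys were left intact. */
power_src tamper_poll(const sensors *s, uint8_t *keys, size_t n) {
    if (classify(s) == TAMPER_NONE) return SRC_NONE;
    power_src src = pick_source(s);
    if (src != SRC_NONE) zeroize(keys, n);
    return src;
}

/* Runs one constructed scenario; returns source used, or -1 if key bytes survive. */
int run_case(int temp_c, int ext, int vbat_mv, int cap_uj) {
    uint8_t keys[16];
    for (size_t i = 0; i < sizeof keys; i++) keys[i] = (uint8_t)(0xA0 + i); /* constructed */
    sensors s = { temp_c, ext, vbat_mv, cap_uj };
    power_src src = tamper_poll(&s, keys, sizeof keys);
    for (size_t i = 0; i < sizeof keys; i++) if (keys[i]) return -1;
    return (int)src;
}
```

The last scenario worth trying is battery removed with an undersized capacitor: `run_case` returns -1, which is why the capacitor must hold at least the full erasure energy on its own.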